An employee of CoinDCX, a cryptocurrency exchange that was hacked for $44 million in mid-July, was arrested in India in connection with a security breach, according to multiple local reports.
Bengaluru City police detained CoinDCX software engineer Rahul Agarwal after hackers allegedly managed to compromise his login credentials to siphon the exchangeâs assets, The Times of India reported on Thursday.
The arrest followed a complaint and internal investigation by CoinDCX operator Neblio Technologies, which determined that Agarwalâs credentials had been compromised via his work laptop, allowing unauthorized access to the companyâs servers.
During questioning as his laptop was seized, Agarwal, 30, denied involvement in the crypto theft, but admitted to taking on part-time work for up to four private clients while still employed at CoinDCX.
âSophisticated social engineering attackâ
CoinDCX declined to confirm or deny Agarwalâs arrest to Cointelegraph, referring to an X post by CoinDCX co-founder and CEO Sumit Gupta, who told the public on Thursday that the exchange cannot engage with media amid an ongoing investigation.
âBased on our internal preliminary findings, this appears to be a sophisticated social engineering attack,â Gupta said in the post, adding that employees are often targeted in such attacks.
âWe urge the media and the public to avoid speculation or the circulation of unverified information, as it may impede the ongoing investigation,â a spokesperson for CoinDCX told Cointelegraph.
Agarwalâs professional background
Citing Neblioâs vice president for public policy, Hardeep Singh, Bengaluru police reportedly said that the arrested employee was a permanent staff member and had been issued a laptop strictly for his role at CoinDCX, according to The Times of India.
Agarwal came under investigation after Neblio discovered that an unknown individual had hacked the system during the night on July 19 and transferred one Tether USDt (USDT) stablecoin to a wallet. Later that morning, hackers siphoned $44 million and transferred the funds to six wallets.
According to a LinkedIn profile purported to be Agarwalâs, the arrested CoinDCX employee had been with CoinDCX for over two years, building his career in the DevOps domain.
He began as a senior software engineer in May 2023, working remotely from Bengaluru, Karnataka. After two years in this role, he was promoted to staff engineer in April 2025, a position he currently holds and performs on-site.
Related: CoinDCX denies itâs in talks to be acquired by Coinbase
According to The Indian Express, the police officers said hackers tricked Agarwal into installing malware on his office laptop.
The news came days after CoinDCX CEO Gupta reported that the exchange was hacked on July 19.
He said no user funds were affected by the exploit, adding that the hackers compromised one of CoinDCXâs internal accounts used for âliquidity provisionsâ with another exchange through a server breach.
Magazine: Crypto traders âfool themselvesâ with price predictions: Peter Brandt
